Snob

**Name of the Vulnerable Software and Affected Versions** WebSphere Application Server versions 5.0.2 and earlier **Description** The issue allows attackers to gain privileges by accessing admin and LDAP passwords stored in plaintext in the FFDC logs when a login to WebSphere fails. **Recommendations** For WebSphere Application Server versions 5.0.2 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** IBM WebSphere Application Server versions 6.0.2 through 6.0.2.7 **Description** The issue is related to "HTTP request handlers" and has remote attack vectors, but its impact is unknown. **Recommendations** For versions 6.0.2 through 6.0.2.7, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** IBM WebSphere Application Server versions 5.0.2 and earlier IBM WebSphere Application Server versions 5.1.1 and earlier IBM WebSphere Application Server versions 6.0.2 through 6.0.2.7 **Description** The issue allows attackers to gain privileges by accessing user credentials recorded in plaintext in the addNode.log file. **Recommendations** For IBM WebSphere Application Server versions 5.0.2 and earlier, update to a version later than 5.0.2 to resolve the issue. For IBM WebSphere Application Server versions 5.1.1 and earlier, update to a version later than 5.1.1 to resolve the issue. For IBM WebSphere Application Server versions 6.0.2 through 6.0.2.7, update to a version later than 6.0.2.7 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** IBM WebSphere Application Server versions 5.0.2 and earlier IBM WebSphere Application Server versions 5.1.x before 5.1.1.12 IBM WebSphere Application Server versions 6.0.2 up to 6.0.2.7 **Description** A cross-site scripting (XSS) issue exists in the 500 Internal Server Error page on the SOAP port, allowing remote attackers to inject arbitrary web script or HTML via the URI contained in a `FAULTACTOR` element. **Recommendations** For IBM WebSphere Application Server versions 5.0.2 and earlier, update to a version later than 5.0.2. For IBM WebSphere Application Server versions 5.1.x before 5.1.1.12, update to version 5.1.1.12 or later. For IBM WebSphere Application Server versions 6.0.2 up to 6.0.2.7, update to a version later than 6.0.2.7.

**Name of the Vulnerable Software and Affected Versions** IBM WebSphere Application Server versions 5.0.2 and earlier, 5.1.1 and earlier **Description** The issue allows unauthorized EJB access on Solaris systems through a crafted LTPA token. **Recommendations** For versions 5.0.2 and earlier, apply the latest cumulative fix to resolve the issue. For versions 5.1.1 and earlier, apply the latest cumulative fix to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** IBM WebSphere Application Server versions 6.0.2 through 6.0.2.7 **Description** The issue is related to an unspecified vulnerability in the administrative console of the software. The impact and attack vectors of this issue are unknown. **Recommendations** For IBM WebSphere Application Server versions 6.0.2 through 6.0.2.7, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** IBM WebSphere versions 5.1.1 and earlier **Description** The issue allows attackers to obtain sensitive information via the trace. **Recommendations** For versions 5.1.1 and earlier, update to a version that fixes this issue.

**Name of the Vulnerable Software and Affected Versions** IBM WebSphere Application Server versions 5.0.2 and earlier IBM WebSphere Application Server versions 5.1.1 and earlier **Description** The issue is related to inserting certain script tags in URLs, which may allow unintended execution of scripts. **Recommendations** For IBM WebSphere Application Server versions 5.0.2 and earlier, update to a version later than 5.0.2 to resolve the issue. For IBM WebSphere Application Server versions 5.1.1 and earlier, update to a version later than 5.1.1 to resolve the issue. As a temporary workaround, consider restricting the insertion of script tags in URLs to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** SmartISoft phpListPro versions 2.01 and earlier **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `returnpath` parameter in several PHP files, including editsite.php, addsite.php, and in.php. **Recommendations** For SmartISoft phpListPro versions 2.01 and earlier, consider restricting access to the vulnerable PHP files, such as editsite.php, addsite.php, and in.php, to minimize the risk of exploitation. Avoid using the `returnpath` parameter in these files until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.